General

  • Target

    boatnet.x86_64

  • Size

    22KB

  • Sample

    220808-f65zqagbd4

  • MD5

    5df24a13b6fc7fa85827ed880db04c12

  • SHA1

    be40a63622485ec72e4c9badc6b2e6700c843f55

  • SHA256

    c6348240a5102a7b8a00ea12ca30bd4db6a4776434bac64e5774535e3df356ee

  • SHA512

    6c0aa876a6f4cce7425e7f0abb3a85f7ed026c6dcfcb15745068d169df351997e605fed1e39c70c0e9df442959c1c97d4b8ec10d267608b9f6c1a1dd0a316884

Score
9/10

Malware Config

Targets

    • Target

      boatnet.x86_64

    • Size

      22KB

    • MD5

      5df24a13b6fc7fa85827ed880db04c12

    • SHA1

      be40a63622485ec72e4c9badc6b2e6700c843f55

    • SHA256

      c6348240a5102a7b8a00ea12ca30bd4db6a4776434bac64e5774535e3df356ee

    • SHA512

      6c0aa876a6f4cce7425e7f0abb3a85f7ed026c6dcfcb15745068d169df351997e605fed1e39c70c0e9df442959c1c97d4b8ec10d267608b9f6c1a1dd0a316884

    Score
    9/10
    • Modifies the Watchdog daemon

      Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

    • Writes file to system bin folder

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Hijack Execution Flow

1
T1574

Privilege Escalation

Hijack Execution Flow

1
T1574

Defense Evasion

Impair Defenses

1
T1562

Hijack Execution Flow

1
T1574

Tasks